Organisations are increasingly digitising their services and day-to-day business, but did you know that SME’s and start-ups are often the most at risk, and have the most to lose, by doing so?
The reputational and financial consequences of poor cyber-security are vast. New GDPR legislation fines up to £17 million or 4% of global annual turnover for data-breaches. Large firms can absorb these repercussions, but they are enough to shut down even the most promising of small businesses.
We have identified seven behavioural and technical steps you can take to minimise damage caused by cyber-attacks, protecting your organisation’s data, without breaking the bank.
Educate your staff
Organisations are made up of individuals. An unavoidable reality of the digital era we live in is that these individuals are responsible for putting your organisation’s cyber security at risk. Using and reusing insecure passwords and responding to phishing emails are among the most common causes of security breaches. Training staff on cyber security- identifying scam emails and changing passwords regularly- is a quick and easy way to reduce risk.
Change Business Mentality
We all have a friend whose social media has been hacked. It always happens to a friend though, never to me. Businesses think the same. Data breaches and cyber security attacks happen to other, bigger businesses, but never my businesses, right? WRONG. Businesses and employees at all levels need to accept that cyber-attacks are a very real possibility. This change in mentality will create ownership and vigilance amongst your staff base.
Beware of Malware
Malware- including ransomware, spyware, adware, bots and Trojans- is software that gets installed by criminals to perform unwanted activity on your IT system. Investing in good anti-virus technology, firewalls, firmware and 24/7 monitoring can protect your business from such attacks.
Monitor your inbound traffic
Knowing your typical inbound traffic profile will help you recognise when your profile changes and enable you to act quickly when under attack. Distributed Denial-of-Service (DDoS) attacks bombard your businesses IP address with huge amounts of traffic, slowing the site down and denying legitimate visitors access.
Differentiate IT and Cyber Security
You may pride yourself on your accuracy, but guaranteed, someone else will pick up more mistakes when proof reading your business proposal than you would yourself. Same principle applies to IT; for the best results, an independent cyber-security team will better assess your IT system than your IT team.
Secure remote Devices
Out-of-office work as well as bring-your-own-device (BYOD) are becoming increasingly common in workplaces. Encrypting remote devices and having a restrictive BYOD policy will limit the risk for security breaches.
Back it Up
Imagine all your server information backed up on a hard-drive as the best value insurance policy you can find. Should you fall victim to a cyber-attack where your information is stolen or deleted, you will know exactly what criminals have accessed and make the most informed recovery strategy.
Remember, while SME’s and start-ups may have the most to lose, through proactive risk management, you can rest assured that your business makes the most of digital opportunity, in a secure and responsible way.